DNS over HTTPS

Does it matter if I’m pretty much always on a VPN connection?

If yes, what is the default protection? I mean, what does it mean that Firefox decides when to use secure DNS?

Also, why would I not want always “Max Protection”?

What exactly are you trying to understand from your end about DNS and VPNs and browsers?

You’re asking three different questions and only hinting at what you want to understand but you’re not cohesive about it. We need more exposition.

1 Like

Sorry, let me rephrase.

I’ve already got an answer in the past that changing DNS provider on my router isn’t really necessary if I’m always on a VPN connection anyways. But other people in my house won’t, so the question is still relevant to me.

When I disconnect from the VPN and check 1.1.1.1 — One of the Internet’s Fastest, Privacy-First DNS Resolver, it will say I’m connected to 1.1.1.1 but never using DoH.

When I put “max protection”, it will say I’m connected using DoH.

So my question would be, what’s the benefit of not putting “Max Protection”?

1 Like

Well, read the three options and details of what they do and why you may want to select either of them. If you always want to ensure your DNS is secure, then Max Protection should always be selected. But if you find other options to be a better fit for one’s browsing needs, then select one of the other options.

In my view, if VPN is not always on or not always used, then always use Max Protection.

1 Like

I read them all and I’m still confused.

What are the benefits of not using Max Protection? It talks about “If secure DNS is not available, sites will not load or function properly.”

Does that really happen? If so, how/why?

1 Like

It is very unlikely but not impossible. It can happen if the website is brand new and some things may not be configured well or if the DNS provider records have not been updated. Or if it is a sketchy website with no security of any kind on the website.

99.9% of the time, it should not happen.

2 Likes

Thanks!

2 Likes

And to me, there are no benefits of not using it for the safety I want with my browsing. But I always use a VPN so this is not even a thing I think about.

1 Like

The “Default protection” is probably there because Firefox relies on third-party DoH resolvers (like Cloudflare and NextDNS) and they don’t ever want to have the browser blamed for a third party service not working.

As an end user and if you want to have DoH enabled, you should definitely use Max protection.

A couple I can think of:

  1. Some DNS queries are only resolvable by network / system resolvers (ex: .lan, .internal, .local etc).
  2. Your network may block access to DoH, in which case the client may decide to use network / system DNS.

If you want your browser to never rely on network / system resolver even if it means inaccessible websites, you’d have no trouble using Max Protection.
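The two cases listed in the post above, as a simplified model added here (not Firefox's code and not part of the thread): it shows which lookups stop working once fallback to the network / system resolver is disallowed, and can be used to check a list of hostnames before switching to Max Protection. The function names, the `Mode` labels, the `home.arpa` suffix and the sample hostnames are assumptions made for the example.

```python
from enum import Enum

# Suffixes named in the post above, plus home.arpa (RFC 8375) as an assumption.
# Extend this with whatever internal zones your own network uses.
LOCAL_SUFFIXES = ("lan", "internal", "local", "home.arpa")


class Mode(Enum):
    FALLBACK = "fallback allowed"   # DoH first, network / system DNS if DoH fails
    STRICT = "max protection"       # DoH only, never the network / system resolver


def is_local_only(hostname):
    """True if only the network / system resolver can be expected to answer."""
    name = hostname.rstrip(".").lower()
    if "." not in name:             # single-label name such as "nas"
        return True
    return any(name == s or name.endswith("." + s) for s in LOCAL_SUFFIXES)


def resolve_path(hostname, mode, doh_reachable):
    """Return which resolver ends up answering: 'doh', 'system' or 'fail'."""
    if doh_reachable and not is_local_only(hostname):
        return "doh"
    # Case 1: a public DoH resolver has no record for a local name.
    # Case 2: the network blocks the DoH endpoint.
    return "system" if mode is Mode.FALLBACK else "fail"


def breaks_under_max(hostnames):
    """Hostnames that resolve today but would not load with Max Protection."""
    return [h for h in hostnames
            if resolve_path(h, Mode.FALLBACK, True) != "fail"
            and resolve_path(h, Mode.STRICT, True) == "fail"]


if __name__ == "__main__":
    # Constructed sample: names a household might have bookmarked.
    sample = ["example.com", "router.lan", "nas", "printer.local",
              "wiki.corp.internal", "camera.home.arpa"]
    for host in sample:
        for reachable in (True, False):
            print(f"{host:20} doh_reachable={reachable!s:5} "
                  f"fallback={resolve_path(host, Mode.FALLBACK, reachable):6} "
                  f"max={resolve_path(host, Mode.STRICT, reachable)}")
    print("would break under Max Protection:", breaks_under_max(sample))
```
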

That isn’t the case.

What do you mean?
I’m not privy to Firefox’s decision making, so this is why I said “probably”, but there could well be other reasons.